Take a look at this password: ji32k7au4a83. At first glance, it seems like it’d be pretty strong and hard to guess. But it’s actually a lot more common than you might think.
Hardware and software engineer Robert Ou discovered that this specific password has been seen more than a hundred different times in past data breaches.
Ou used Have I Been Pwned (HIBP), a great security service that lets you see whether or not your emails and passwords have been leaked online.
Specifically, HIBP reports that the password has been seen in at least 141 breaches.
Those are just the times we know about, since HIBP only aggregates login credentials that have been leaked in data breaches.
Ou then challenged people to figure out why this is the case. If it’s just a random string of characters, it would be incredibly unlikely for it to be used so often.
Several people who spotted Ou’s tweet quickly figured out the reason why. As it turns out, ji32k7au4a83 isn’t very secure — or random — at all.
The explanation lies in the keyboard layout for Zhuyin Fuhao, an input system for transliterating Mandarin. This is a key part of why that string of characters isn’t a coincidence.
Gizmodo’s Rhett Jones reached out to his friend Ben Macaulay, a graduate linguistics student and a Taiwan enthusiast who uses Zhuyin. The Zhuyin system is the most commonly used typing system in Taiwan.
Basically, ji32k7au4a83 translates to “my password.” That’s based on how it’s recognized by Unicode and how it would be typed out on the keyboard. Gizmodo broke down the simplified translation (though the outlet has a more in-depth explanation for those who’d like it).
- ji3 -> 我 -> M
- 2k7 -> 的 -> Y
- au4 -> 密 -> PASS
- a83 -> 碼 -> WORD
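
The keystroke mapping above can be turned into a password-audit check that flags strings which are really Zhuyin phrases typed on a Latin keyboard. The following Python is an added example, not code from Gizmodo, Ou or HIBP; it assumes the standard (Daqian) Zhuyin keyboard layout, and the function names and sample passwords are constructed for illustration.

```python
import re

# Standard Zhuyin (Daqian) layout: Latin key -> Zhuyin symbol (assumed layout).
INITIALS = dict(zip("1qaz2wsxedcrfv5tgbyhn", "ㄅㄆㄇㄈㄉㄊㄋㄌㄍㄎㄏㄐㄑㄒㄓㄔㄕㄖㄗㄘㄙ"))
MEDIALS = dict(zip("ujm", "ㄧㄨㄩ"))
FINALS = dict(zip("8ik,9ol.0p;/-", "ㄚㄛㄜㄝㄞㄟㄠㄡㄢㄣㄤㄥㄦ"))
TONES = {"6": "ˊ", "3": "ˇ", "4": "ˋ", "7": "˙"}  # space = first tone (no mark)

# One syllable: optional initial, medial and final, closed by a tone key.
SYLLABLE = re.compile(
    "([%s]?)([%s]?)([%s]?)([%s ])"
    % tuple(re.escape("".join(d)) for d in (INITIALS, MEDIALS, FINALS, TONES))
)


def decode_zhuyin_keys(password):
    """Return the Zhuyin syllables typed by `password`, or None when the
    string is not made up entirely of tone-terminated Zhuyin keystrokes."""
    syllables, pos, text = [], 0, password.lower()
    while pos < len(text):
        m = SYLLABLE.match(text, pos)
        # Reject non-matches and a bare tone key with no sound before it.
        if not m or not any(m.group(1, 2, 3)):
            return None
        ini, med, fin, tone = m.groups()
        syllables.append(INITIALS.get(ini, "") + MEDIALS.get(med, "")
                         + FINALS.get(fin, "") + TONES.get(tone, ""))
        pos = m.end()
    return syllables or None


def audit(passwords):
    """Map each password that is pure Zhuyin keystrokes to its syllables."""
    return {p: s for p in passwords if (s := decode_zhuyin_keys(p))}


# Constructed sample input: two Zhuyin-typed phrases and two ordinary strings.
SAMPLE = ["ji32k7au4a83", "su3cl3", "password", "Tr0ub4dor&3"]

if __name__ == "__main__":
    for pw, syl in audit(SAMPLE).items():
        print(pw, "->", " ".join(syl))
```

A password that decodes cleanly is a candidate for review against a phrase blocklist, since the decoder only shows that the keystrokes form valid syllables, not which characters they spell.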
Long story short, poor password habits aren’t just a problem for the English-speaking world. If there’s one key takeaway, it’s this: you should avoid easy-to-guess passwords, no matter what language you speak.
We strongly recommend using a reliable password manager to create and keep track of strong passwords. Also, don’t use simple passwords and don’t reuse any password across multiple sites. And regularly check HIBP to see if any of your own passwords have been leaked on the internet.